I also think that "LXC should have as less dependencies as possible to ease the
support for different plattforms" has more weight than "don't invent things
twice".
quoting Daniel Lezcano:
>I think the solution to solve this issue is to use the AF_INET protocol
>on the loopback using the loopback
On 04/11/2013 09:18 AM, Jäkel, Guido wrote:
> I also think that "LXC should have as less dependencies as possible to ease
> the support for different plattforms" has more weight than "don't invent
> things twice".
>
> quoting Daniel Lezcano:
>> I think the solution to solve this issue is to use
On 04/11/2013 09:53 AM, Stéphane Graber wrote:
> On 04/11/2013 09:18 AM, Jäkel, Guido wrote:
>> I also think that "LXC should have as less dependencies as possible to ease
>> the support for different plattforms" has more weight than "don't invent
>> things twice".
>>
>> quoting Daniel Lezcano:
>
Hi Eric, any chance you've had a moment to mull this over any more?
I've also CC'ed Jiri since he is listed in MAINTAINERS for the TTY
layer :)
On Wed, 6 Mar 2013 09:58:53 -0600
Serge Hallyn wrote:
> Quoting Dwight Engen (dwight.en...@oracle.com):
> > On Mon, 25 Feb 2013 20:26:21 -0800
> > ebied
This patch supports the scenario where a user wants to install a
busybox container on a busybox host.
When running the template, in order to change the root password,
the template needs to do the chroot. On busybox-powered hosts, chroot
is not part of the coreutils package - it's part of busybox.
Quoting Bogdan Purcareata (bogdan.purcare...@freescale.com):
> This patch supports the scenario where a user wants to install a
> busybox container on a busybox host.
>
> When running the template, in order to change the root password,
> the template needs to do the chroot. On busybox-powered host
richard -rw- weinberger writes:
> On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
> wrote:
>> richard -rw- weinberger writes:
>>> {st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...}) = 0
>>> [pid 3100] chmod("/dev/pts/5", 020644) = -1 EPERM (Operation not permitted)
>>
>> I am puzzled why we
On Thu, Apr 11, 2013 at 5:03 PM, Eric W. Biederman
wrote:
> richard -rw- weinberger writes:
>
>> On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
>> wrote:
>>> richard -rw- weinberger writes:
{st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...}) = 0
[pid 3100] chmod("/dev/pts/5", 020
On Wed, 2013-04-10 at 20:22 +0200, Thomas Moschny wrote:
> Hi,
> Fedora systems using systemd should use /etc/hostname instead of
> /etc/sysconfig/network (the HOSTNAME=... setting), cf.
> https://bugzilla.redhat.com/show_bug.cgi?id=881785
> So, we should probably change the lxc-fedora template t
richard -rw- weinberger writes:
> On Thu, Apr 11, 2013 at 5:03 PM, Eric W. Biederman
> wrote:
>> richard -rw- weinberger writes:
>>
>>> On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
>>> wrote:
richard -rw- weinberger writes:
> {st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...})
1. in container_free, set c->privlock to NULL before calling
sem_destroy, to prevent a window where another thread could call
sem_wait(c->privlock) while c->privlock is not NULL but is already
destroyed.
2. in container_get, check for numthreads < 0 before calling lxclock.
Once numthreads is 0, it
Quoting Eric W. Biederman (ebied...@xmission.com):
> richard -rw- weinberger writes:
>
> > On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
> > wrote:
> >> richard -rw- weinberger writes:
> >>> {st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...}) = 0
> >>> [pid 3100] chmod("/dev/pts/5", 02064
Serge Hallyn writes:
> Quoting Eric W. Biederman (ebied...@xmission.com):
>> richard -rw- weinberger writes:
>>
>> > On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
>> > wrote:
>> >> richard -rw- weinberger writes:
>> >>> {st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...}) = 0
>> >>> [pid
Quoting Seth Arnold (seth.arn...@canonical.com):
> On Thu, Apr 11, 2013 at 11:43:31AM -0500, Serge Hallyn wrote:
> > 1. in container_free, set c->privlock to NULL before calling
> > sem_destroy, to prevent a window where another thread could call
> > sem_wait(c->privlock) while c->privlock is not N
On 04/11/2013 06:43 PM, Serge Hallyn wrote:
> 1. in container_free, set c->privlock to NULL before calling
> sem_destroy, to prevent a window where another thread could call
> sem_wait(c->privlock) while c->privlock is not NULL but is already
> destroyed.
>
> 2. in container_get, check for numthre
Dwight Engen writes:
> Hi Eric, any chance you've had a moment to mull this over any more?
> I've also CC'ed Jiri since he is listed in MAINTAINERS for the TTY
> layer :)
Honestly I really haven't.
For the most part I have been in feature freeze and bug fix mode.
It gets tricky getting the per
Quoting Eric W. Biederman (ebied...@xmission.com):
> Serge Hallyn writes:
>
> > Quoting Eric W. Biederman (ebied...@xmission.com):
> >> richard -rw- weinberger writes:
> >>
> >> > On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
> >> > wrote:
> >> >> richard -rw- weinberger writes:
> >> >>>
This is based on patch from Papp Tamas (thanks). It also does
some reorganizing of lxc-create to commonize some of the
backingstore handling.
I didn't test on btrfs or zfs, but did test that '-B btrfs' and
'-B zfs' properly fail when needed, and that lvm and dir and
_unset still work as they shou
On Thu, Apr 11, 2013 at 7:02 PM, Eric W. Biederman
wrote:
> Serge Hallyn writes:
>
>> Quoting Eric W. Biederman (ebied...@xmission.com):
>> After creating the /dev/ttyN we chown them to the root uid inside the
>> container. I've not had failures with this.
>
> Yes that should work fine.
>
> Ther
Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
> On Thu, Apr 11, 2013 at 7:02 PM, Eric W. Biederman
> wrote:
> > Serge Hallyn writes:
> >
> >> Quoting Eric W. Biederman (ebied...@xmission.com):
> >> After creating the /dev/ttyN we chown them to the root uid inside the
> >> contai
First i want to to say that i didn't test this feature by myself up to now. But
from reading the list, i have questions.
For me, the main usecases of the user namespace feature seems to be:
a) to "shift" the containers root user - a security driven term ("jailbreaking")
b) to "shift" the contain
21 matches
Mail list logo
